As the amount of information available electronically increases, content providers are increasingly turning to external or third party providers to supply at least a portion of the content provided to users, such as to viewers of a Web page offered through a Web site of the provider. For reasons such as consistency and user experience, the content providers often want at least some level of control over this third party content, as supplemental content such as advertising can sometimes generate new windows or expand over the primary content on the page, which can be undesirable for both the content provider and the users.
More importantly in many cases, however, is the fact that third party content can be used to distribute viruses and malware, as well as to perform any of a number of potentially malicious actions. For example, third party advertising is one of the most efficient mechanisms for distributing viruses and malware, but a content provider often has to rely on an outside provider of the advertising to monitor the types of ads being provided. In some cases, script in an ad can rewrite a host file such that content can be pulled in from unintended sources. Other types of supplemental content can perform similar activities as well, such as to capture user information or perform actions, such as unauthorized purchases, that appear to come from a particular user.
Conventional approaches to preventing such unintended functionality have been limited. For example, a provider or user might be able to disable certain types of content, but this typically is done globally and thus can be undesirable in many instances as the approach can be over inclusive. In other cases, any calls from third party content can be denied, but this again can limit the functionality, which in some cases can be desirable or even necessary for proper or intended operation.